IT Governance Risk Compliance Officer
4 days ago
Overview:
Reporting to the Manager, Cybersecurity & IT Governance, Risk and Compliance, the IT Governance, Risk & Compliance (GRC) Officer is accountable for the daily oversight and coordination of the IT GRC function. This position ensures the consistent execution of IT risk management, compliance monitoring, and governance practices across the IT Division.
The Officer leads and coordinates project-related activities, assisting team members with risk assessments, control evaluations, and compliance monitoring to ensure alignment with internal standards, external requirements, and strategic objectives. This includes enabling comprehensive visibility of IT risk across the organisation.
**Responsibilities**:
- Lead the planning and execution of IT risk assessments across IT and business units and technology domains.
- Ensure assessments are aligned with the enterprise risk management framework and identify key risks, control gaps, and mitigation strategies.
- Oversee the design and execution of control testing procedures to evaluate the effectiveness of IT controls.
- Ensure timely remediation of deficiencies and maintain documentation to support audit readiness.
- Maintain and update the integrated IT Risk Register, ensuring risks are accurately documented, categorized, and prioritized.
- Monitor compliance with internal policies, regulatory requirements (e.g., FIPPA, PHIA), and industry standards (e.g., ISO 27001, NIST, PCI-DSS, ITIL).
- Coordinate periodic reviews and assessments to ensure ongoing adherence.
- Function as the primary liaison for internal and external audits related to IT risk, compliance, and governance.
- Collaborate with stakeholders to ensure timely and effective resolution of audit issues and continuous improvement of audit readiness.
- Lead the implementation of third-party risk management processes.
- Review vendor risk assessments and ensure appropriate controls are in place for outsourced services and cloud providers.
- Develop and maintain dashboards and reports on key risk indicators (KRIs), compliance status, and control effectiveness.
- Support the development and maintenance of GRC documentation and ensure it is accessible and up to date.
- Work closely with cybersecurity, legal, privacy, and enterprise risk teams to ensure a coordinated approach to risk management.
- Serve as the primary point of contact for stakeholders during compliance and risk management project lifecycles.
- Develop and manage project plans, timelines, and deliverables for key compliance initiatives (e.g., ISO 27001 certification, internal assessments).
- Support the implementation and maintenance of the IT governance framework to ensure alignment between IT strategies and business objectives.
- Lead the operational management of IT policies, standards, and procedures. This includes drafting, reviewing, updating, and coordinating the approval process.
- Ensure policies are accessible, clearly communicated, and regularly reviewed for relevance and compliance with evolving regulatory and organizational requirements.
- Ensure that IT policies and standards are aligned with recognized frameworks such as COBIT, ISO 27001, and NIST.
- Collaborate with cybersecurity, legal, and compliance teams to ensure policies reflect best practices and regulatory obligations.
- Develop and maintain dashboards and reports that track policy compliance, governance maturity, and control effectiveness.
- Provide regular updates to IT leadership and contribute to enterprise governance reporting.
- Provide SME-level mentorship and regular feedback, and use coaching techniques to develop junior team members.
- Lead the development and execution of a structured IT knowledge management strategy that supports the capture, organization, and dissemination of critical information across the IT functions.
- Oversee the maintenance and continuous improvement of centralized knowledge repositories to ensure IT teams have access to accurate, up-to-date, and searchable documentation, including SOPs, technical standards, process flows, and FAQs.
- Implement processes for the creation, review, approval, and retirement of IT knowledge assets.
- Evaluate and recommend tools and platforms that enhance knowledge capture, collaboration, and retrieval.
- Ensure integration with existing ITSM, GRC, and collaboration platforms to streamline access and usage.
Qualifications:
**Education and Experience**
- University degree or four-year college diploma in Computer Science, Business, or a related discipline from a recognized university or college.
- Seven years of experience in Information Technology, IT Risk & Compliance Management and/or Cybersecurity.
OR
- A two-year diploma in a relevant field from an accredited institution.
- Nine years of experience in Information Technology, IT Risk & Compliance Management and/or Cybersecurity.
In addition to:
- A professional certification or equivalent from a recog